Professional Documents
Culture Documents
Asare - Internal Auditing PS - 2009
Asare - Internal Auditing PS - 2009
"$ )
Thomas Asare - tomasarek@yahoo.com
/
In the past, managers in the public sector had a narrower range of expectations for the
role of internal audit than managers in the private sector. This explains why the internal
audit function in the public sector was dominated by pre-payment audits. Thus internal
auditors devoted most of their time to the checking on individual transactions before the
payments were made. However, in recent years internal auditing has assumed a strategic
dimension and that underscores why it has become an essential component of public
sector governance and financial management reforms in many developing countries. The
intent of this paper is to present a position that internal auditing in the public sector,
when well structured and given the required mandate to perform, improves performance
and serves as a valuable resource in promoting good governance. It generates thoughts
on the importance and challenges of public sector internal auditing.
Keywords: Internal auditing, public sector, value addition, performance improvement
"
Internal auditing is a profession and activity involved in advising organizations regarding
how to better achieve their objectives through managing risks and improving internal
control. Internal auditing involves the utilisation of a systematic methodology for
analyzing business processes or organisational problems and recommending solutions.
The scope of internal auditing within an organization is broad and may include various
internal control related activities such as the review of the effectiveness and efficiency of
operations, the reliability of financial reporting, investigation fraud, risk assessment,
safeguarding of assets, and compliance with laws and regulations. Internal audit activities
therefore provide assurance on the effectiveness of public sector entities’ internal control
environment and may identify opportunities for performance improvement.
" #
Historically, internal auditing was perceived as being confined to merely ensuring that the
accounting and underlying records of an organization’s transactions were properly
maintained, that the assets management system was in place in order to safeguard the
assets and also to see whether policies and procedures were in place and were duly
complied with. With changing times, the concept of internal auditing has undergone
significant changes with regard to its definition, scope of coverage and approach. In some
organisations, the scope of modern internal auditing has been broadened from financial
issues to include value for money, evaluation of risk, managerial effectiveness and
governance processes.
In 1978, the Institute of Internal Auditors (IIA) defined internal auditing as:
“An independent appraisal activity established within an organization as a
service to the organization. It is a control, which functions by examining and
evaluating the adequacy and effectiveness of other controls. The objective of
internal auditing is to assist members of the organization in the effective
discharge of their responsibilities. To this end, internal auditing furnishes
them with analyses, appraisals, recommendations, counsel and information
concerning the activities reviewed” (Ali and others,. 2007, pp 25-26).
The modern scope and focus of internal auditing are reflected in the current definition
that was formally adopted by the IIA in 1999:
“An independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and
governance processes”.
The notable difference between the definitions of 1978 and 1999 (as repeated in IIA
2008) is the prominence of objectivity in internal audit activities and also the emphasis on
the evaluation and improvement of the effectiveness in risk management and governance
processes. The current definition also contemplates two main internal audit services:
assurance and consulting services.
Assurance services, according to IIA (2008, p.2):
Involve the internal auditor’s objective assessment of evidence to provide an
independent opinion or conclusions regarding an entity, an operation, a
function, a process, system, or other subject matter. The nature and scope of
the assurance engagement are determined by the internal auditor. There are
generally three parties involved in assurance services: (1) the person or
group directly involved with the entity, operation, function, process, system,
or other subject matter - the process owner, (2) the person or group making
the assessment - the internal auditor, and (3) the person or group using the
assessment - the user.
And consulting services, according to the same source:
Are advisory in nature, and are generally performed at the specific request of
an engagement client. The nature and scope of the consulting engagement are
subject to agreement with the engagement client. Consulting services
generally involve two parties: (1) the person or group offering the advice -
the internal auditor, and (2) the person or group seeking and receiving the
advice - the engagement client. When performing consulting services the
internal auditor should maintain objectivity and not assume management
responsibility (IIA 2008, p. 2).
Internal auditing is conducted by persons within or outside the organization and in
diverse legal and cultural environments; within organizations that vary in purpose, size,
complexity, and structure. Even though the above differences may affect the practice of
internal auditing in each environment, conformance with The IIA International Standards
for the Professional Practice of Internal Auditing (Standards) is essential in meeting the
responsibilities of internal auditors and the internal audit activity (IIA 2008, p.1).
$% " #
Until the mid-20th century, internal auditors were primarily concerned with checking
accounting records and detection of financial errors and irregularities. Internal auditing
emerged as a profession in 1941, when the Institute of Internal Auditors (IIA) was
founded in New York by a group of practicing internal auditors. The need for a common
body of knowledge and standardization of practices was then recognised despite the fact
that internal auditors worked in different businesses and industries. This was the
beginning of the process of achieving an identity for internal auditing as a distinct
profession concerned with providing independent appraisals for all activities within an
organization and making recommendations to management.
Before the issuance of the first version of the Statement of Responsibilities by the IIA in
1947 most internal auditors focused on routine tasks. Meigs (1951, p.518), describing
internal audit practice in the era of 1941, stated:
“To most businessmen in that era, internal auditors were either clerks
assigned to the routine task of a perpetual search for clerical errors in
accounting documents, or they were traveling representatives of corporations
having branches in widely scattered locations”.
According to the IIA historical timeline, the first textbook for the practice, Brinks Internal
Auditing was published in 1941. The IIA technical journal, Internal Auditor, was first
distributed in 1943. The Code of Ethics was issued in 1968 and in 1978 the IIA published
the Standards for Professional Practice to serve as the primary source of reference for
directing an internal audit function. The first Certified Internal Auditor (CIA)
examinations were written in 1974 to test the knowledge of individuals against a
recognized body of knowledge before they become internal audit professionals.
Today, the IIA has transformed into the internal audit profession's global voice, chief
advocate, recognized authority, acknowledged leader, and principal educator. It is
internationally recognized as a trustworthy standard-setting body for internal auditing and
currently has membership across 165 countries.
2 3 " + $ /
%
The nature of internal audit organizational arrangement determines its independence and
effectiveness. The size and complexity of the public sector have influenced the diverse
forms of internal audit organisational arrangements and service delivery approaches.
Internal audit structure in the public sector can broadly be classified as following either a
centralized or a decentralized model.
Describing these two models, Diamond (2002, p.10) states that “in the centralized model
the Ministry of Finance (MOF) not only plays a key role in budgeting and allocating
funds to line ministries, but also directly intervenes in ex-ante controls, placing its own
staff in the line ministries. In the more decentralized approach, each line ministry takes
full responsibility for spending its own budget and for ensuring appropriate checks and
safeguards on the way this is spent”. The author here specifies that as pertains in the
United Kingdom as well as some “mixed” model in other practice: “The United
Kingdom, the origin of the Anglophone countries’ systems, has basically decentralized
the internal audit function. However, there are other models based on unique approaches
to internal audit, some of which appear to be a mix of internal and external audit
functions” (Diamond 2002, p.11).
Based on a critical assessment of current international practice, there appear to be five
main means by which internal audit function in the public sector can be configured and
these are outlined below with reference to current practices in selected countries.
" ) + 4 5 2
This is the case where internal audit function is placed under the supervision of
Accountant-General’s Office. A risk usually associated with this arrangement is the
possibility that an officer performing accounting duties may subsequently be required to
perform internal audit duties soon after performing accounting duties in the same or
related department. Swaziland and Tanzania are examples in Africa where the central
internal audit function of government rests with the Accountant-General's Department.
This was also the practice in Ghana before the passage of the Internal Audit Agency Act
in 2003.
!
countries’ systems, has basically a decentralised internal audit function. In Africa, South
Africa and Ghana are examples where the internal audit units are managed without
guidance or control from the central Finance Ministry. The units form part of the
departments’ own structures. However, in the case of Ghana there exists an Internal Audit
Agency that is established as an oversight agency and charged with responsibility of
facilitating, coordinating and providing quality assurance for internal audit practices and
technical performance. The oversight agency reports to the President.
" ) + " 4 5 2
In some countries internal audit is a function of the Supreme Audit Institution (SAI). This
configuration has not been popular in recent times as most countries are shifting away
from the practice of combining internal and external audit functions under the same
institution. Where such a practice exists, internal auditors report only to the Auditor-
General and are subject to professional, technical guidance and supervision from only the
SAI. Staffs in such cases perform mainly pre-audits rather than a professional internal
auditing function. Germany is a case in point where internal auditors operate within
agencies, but are subject to technical and professional guidance, as well as supervision by
the SAI, the Federal Court of Audit. This was also the practice in Ghana before the
transfer of internal audit responsibility to the Controller and Accountant-General’s
Department.
& " #
The role of internal auditing can be identified as involving three main elements, namely
the evaluation and improvement of risk management, control and governance processes.
These elements are sometimes referred to as the “three pillars” of internal auditing
(Figure 1 below). The three elements are further discussed below as reinforcements of the
fundamentals of an internal audit function in the public sector. Risk management, control
and governance encompass the policies and procedures established to ensure the
achievement of objectives and include the appropriate assessment of risk, the reliability
of internal and external reporting and accountability processes, compliance with
applicable laws and regulations, and compliance with the behavioural and ethical
standards set for public organizations and employees.
"
Figure 1 - The Three Pillars of Internal Auditing
%) "
Internal auditors’ roles in governance are broadly identified to be twofold. Firstly,
internal auditors provide independent, objective assessments on the appropriateness of the
organization's governance structure and the operating effectiveness of specific
governance activities. Secondly, they act as catalysts for change, advising or advocating
improvements to enhance the organization's governance structure and practices (IIA
2006b, p.4).
#
According to standard 2130, internal audit activity should assess and make appropriate
recommendations for improving the governance process to accomplish the following
objectives:
• promoting appropriate ethics and values within the organization.
• ensuring effective organizational performance management and accountability.
• effectively coordinating the activities of and communicating information among
the Board, external and internal auditors and management.
" " # (
The audit function has become an integral part of government financial management and
an instrument for improving performance in the public sector. The need for good
governance and accountability has compelled governments to demonstrate a stronger
sense of responsibility in the use of public funds and efficiency in the delivery of
services. Management of national economies today is more complex and demands greater
competency and professionalism from internal auditors if they are to be able to assist
government in ensuring that scarce resources are deployed more efficiently and to also
effectively deal with the associated risks.
Effective internal oversight and monitoring are crucial to good governance and effective
Public Financial Management (PFM). Internal oversight includes the internal audit
function that must be effective and should comply with generally accepted auditing
standards with regards to practice and approach. The focus of internal auditing is to
determine whether public funds have been spent for the purposes for which they were
appropriated and thereby promoting accountability. Internal audit undertakes reviews of
individual systems and processes and consequently makes recommendations to heads of
public sector entities on how internal controls could be improved.
An internal audit function is an essential part of any public expenditure management
system and should ensure that public spending is within budgetary provisions;
disbursements comply with specified procedures, provides for the timely reconciliation of
accounts and effective systems for managing and accounting for physical and financial
assets (Commonwealth Secretariat 2005, p.17).
Van Gansberghe (2005) puts forward the case that “Management must recognize the
value added role of internal audit and contribute towards its effectiveness.”, and that “As
internal auditing in the public sector assumes a status of professional practice,
management would benefit from its recommendations in improving its decision-making
and thus would be playing a more proactive and foresight role.”
Internal audit function provides internal consulting service to the management in public
sector institutions and hence the executive arm of government for smooth and efficient
functioning and for reviewing and improving its performance. It also ensures that there
are efficient controls and greater transparency in the decision and policy-making
processes of government functionaries and institutions in delivering services successfully
and in carrying out development programs in an efficient and appropriate manner. Public
Sector controls cover all aspects of activities including financial, managerial and
operational policies and are intended to safeguard assets, ensure the accuracy and
reliability of financial information and promote operational efficiency.
The internal audit function is in a good position to help senior management of public
institutions to identify risks, suggest risk management strategies and, ultimately, provide
assurance that the risks are being appropriately managed. Thus, the internal auditing
function evaluates the effectiveness of public institutions in achieving agreed objectives
and thereby promoting strong governance and accountability regime. Internal audit
function also applies professional skills through the evaluation of the policies, procedures
and operations that management put in place to ensure the achievement of the
organisation’s objectives. The recommendations made by internal audit for improvement
helps management in public sector entities to improve their risk management, control and
governance processes.
With the emergence of the Public Expenditure and Financial Accountability (PEFA)
framework in developing countries (PEFA, 2005), performance measurement framework
and results indicators have become key concepts in managerial practices and in the
formulation and execution of budgets. Indicators recently introduced in some countries
measure nationwide socio-economic progresses, stimulate public debate, and thus help
Government decide on important issues. “National Performance Indicators” are vital for
fulfilling public accountability that emphasises results and outcomes. Internal audit forms
part of the evaluation process in monitoring performance and verification of data quality
to ensure credibility of reported achievements. Also internal auditors could play
instrumental role in performing value-for-money (VFM) audits otherwise called
“Performance Audit”. Performance audits are concerned with the audit of economy,
efficiency and effectiveness of government expenditures or spending plans. In practice,
performance auditing is focused on assessing whether organisations are doing the right
things and in the smartest way.
According to the INTOSAI, performance auditing is an independent examination of the
efficiency and effectiveness of government undertakings, programs or organizations, with
due regard to economy, and the aim of leading to improvements (INTOSAI, 2004, p.11)
Performance audits may serve as a good mechanism in evaluating operating performance
in the budget execution process. It is based around the following questions and function:
• How much do programs cost?
• How were they financed?
• What was achieved?
• What were the processes followed in achieving the outcome?, and
• Assessing impacts that may provide a useful feedback and corrective mechanism
in subsequent planning cycles.
( ) " #
" 2 +
Audit committees should maintain direct oversight on the internal audit function in order
to ensure that management is addressing issues on control and risk management raised.
However, most public entities have not recognized its importance and effectiveness in the
control, risk management and governance processes. Audit committees could play key
role in helping audit to carry out its legal and fiduciary responsibilities, and contribute
towards the integrity of the government’s financial information, system of internal
control and legal and ethical conduct of management and employees.
The public sector also faces an enormous challenge of finding people from outside public
organisations, who are willing to serve as audit committee members and have sufficient
knowledge of the public sector operations and risks to make an effective contribution to
the risk management.
"1 ) %
The attraction and retention of competent internal audit staff remains a serious challenge
in the public sector due to unattractive remuneration packages compared to those in the
private sector. Internal audit staffs are expected to have a greater knowledge of the
entity’s business objectives, systems, risks and culture. Thus private sector audit staff
may not have the necessary skills and knowledge relevant to the public sector. The
inability to attract staff that can respond to the competence requirements and changing
needs of the public sector could affect the operational effectiveness and efficiency of the
internal audit function.
A well configured internal audit function can play a vital role in the governance and
accountability process of public sector institutions through their assessments on the
effectiveness of key organisational controls, governance and risk management processes.
Governing bodies and senior management in the public sector need the services of
internal audit to be effective and efficient. At the same time the legitimacy of internal
audit activity and its mission should be understood and supported by senior management
of government entities to enhance its effectiveness in promoting good public sector
governance, control and risk management systems.
Modern internal audit practice has transformed into a professional discipline of its own
and as a partner to governance bodies with strategic focus of contributing towards the
improvement of organisational governance and risk management strategies. Internal audit
has now found itself in the corporate spotlight and it is no longer seen as a less important
financial function and a nursery school for careers in finance. A career in internal
auditing has assumed a strategic significance and requires exposure to thorough
organisational processes and through interaction with executive management. One needs
to go through a broader base of experiences both technical and behavioural to be effective
in this function especially in the public sector where controls are still weak and public
expectations are enormous.
It is generally expected that individual internal audit staff will be members of the IIA and
other relevant professional accountancy bodies. Internal audit staffs are expected to use
their membership of such professional bodies to keep abreast with the emerging
professional and industry developments and use networking opportunities to assist in
resolving challenges they may encounter in the course of their work.
1
Ali, A. Gloeck, J. D. Ali, A. Ahmi, A. & Sahdan, M. H. (2007), ‘Internal audit in the state and local
governments of Malaysia,’ Southern African Journal of Accountability and Auditing Research,
Vol.7, pp.25-57
Asare, T. (2008), A Study of the Role of Internal Auditing in the Public Sector of Ghana: Governance and
Accountability, M.Sc. Dissertation, Birmingham City University Business School, Birmingham,
United Kingdom
ANAO (2003), Public Sector Governance, Vols.1-2, Better Practice Guide, Commonwealth of Australia,
National Audit Office, Canberra
ANAO (2007), Public Sector Internal Audit - An Investment in Assurance and Business Improvement,
Better Practice Guide, Commonwealth of Australia, National Audit Office, Canberra
Baltaci, M. & Yilmaz, S. (2006), Keeping an Eye on Subnational Governments: Internal Control and Audit
at Local Levels, World Bank Publications, pp.7-15
Commonwealth of Australia (2008), Better Practice Guide - Risk Management, Australian Government,
Comcover, available at http://www.finance.gov.au/comcover/better-practice-guide.html
Commonwealth Secretariat (2005), Guidelines for Public Expenditure Reform, London, Marlborough
House
Coram, P. J. Ferguson, C. & Moroney, R. A. (2007), Internal Audit, Alternative Internal Audit Structures,
and the Level of Misappropriation of Assets Fraud, October, http://ssrn.com/abstract=1021611
(March 18, 2008)
Diamond, J. (2002), The Role of Internal Audit in Government Financial Management: An International
Perspective, IMF Working Paper No. 02/94
Glass, R. (2005), The Relationship Between Internal and External Audit in the Public Sector, Presentation
to the IIA New Zealand Conference 21-23 November 2005,
http://www.oag.govt.nz/2005/reports/docs/internal-external-audit.pdf (May 6, 2008)
Griffiths, D. (2006), Risk-based internal auditing - An introduction, available at www.internalaudit.biz
(March 5, 2008)
Institute of Internal Auditors, Historical Timeline, http://www.theiia.org/theiia/about-the-institute/history-
milestones/iia-historical-timeline/ (13 March 2008)
Institute of Internal Auditors (2006a), The Role of Auditing in Public Sector Governance, Altamonte
Springs, FL, Institute of Internal Auditors
Institute of Internal Auditors (2006b), Organizational Governance: Guidance for Internal Auditors,
Altamonte Springs, FL, Institute of Internal Auditors
Institute of Internal Auditors (2008), International Professional Practices Framework - International
Standards for the Professional Practice of Internal Audit, Altamonte Springs, FL, IIA Inc.
INTOSAI (2004), Implementation Guidelines for Performance Auditing, Stockholm, July
Khan, M. A. (2006), Role of Audit in Fighting corruption, Paper prepared for ad hoc Group Meeting on
“Ethics, Integrity, and Accountability in the Public Sector: Re-building Public Trust in
Government through the Implementation of the UN Conventional against Corruption”, St.
Petersburg, Russia
Meigs, W. B. (1951), ‘The Expanding Field of Internal Auditing’, The Accounting Review, Vol.26, No.4,
October, pp.518-523
NAO (2000), Co-operation between internal and external Auditors, Good Practice Guide, HM Treasury
and National Audit Office, UK
PEFA (2005), Public Expenditure and Financial Accountability Framework, June 2005, Washington D.C.,
PEFA Secretariat, World Bank
Szymanski, S. (2007), How to Implement Economic Reforms: How to Fight Corruption Effectively in
Public Procurement in SEE Countries, OECD Publications
Van Gansberghe, C. N. (2005), Internal Audit: Finding its Place in Public Financial Management, Public
Expenditure and Fiscal Accountability Programme, Washington D.C., World Bank